VYPR

Vendor CVEs

Microsoft

All CVEs

14,319 total · sorted by risk
  • CVE-2026-42907MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

  • CVE-2026-42903MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.01

    Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.

  • CVE-2026-47655MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network.

  • CVE-2026-47644MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-42824MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.08

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-42827MedMay 22, 2026
    risk 0.42cvss 6.5epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-42899HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.02

    Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

  • CVE-2026-42891MedMay 12, 2026
    risk 0.42cvss 6.5epss 0.00

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-42830MedMay 12, 2026
    risk 0.42cvss 6.5epss 0.00

    Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40374MedMay 12, 2026
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

  • CVE-2026-35422MedMay 12, 2026
    risk 0.42cvss 6.5epss 0.01

    Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

  • CVE-2026-34350MedMay 12, 2026
    risk 0.42cvss 6.5epss 0.01

    Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.

  • CVE-2026-33116HigApr 14, 2026
    risk 0.42cvss 7.5epss 0.02

    Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

  • CVE-2026-32203HigApr 14, 2026
    risk 0.42cvss 7.5epss 0.02

    Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

  • CVE-2026-32178HigApr 14, 2026
    risk 0.42cvss 7.5epss 0.02

    Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-32151MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.

  • CVE-2026-27925MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.

  • CVE-2026-26171HigApr 14, 2026
    risk 0.42cvss 7.5epss 0.02

    Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

  • CVE-2026-26155MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.01

    Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

  • CVE-2026-26136MedMar 19, 2026
    risk 0.42cvss 6.5epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-26120MedMar 19, 2026
    risk 0.42cvss 6.5epss 0.01

    Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-25667HigMar 19, 2026
    risk 0.42cvss 7.5epss 0.03

    ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.

  • CVE-2026-21527MedFeb 10, 2026
    risk 0.42cvss 6.5epss 0.09

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-64670MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.

  • CVE-2025-62473MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-62465MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.

  • CVE-2025-62463MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.

  • CVE-2025-62206MedNov 11, 2025
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-60722MedNov 11, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-60708MedNov 11, 2025
    risk 0.42cvss 6.5epss 0.00

    Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.

  • CVE-2025-59259MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

  • CVE-2025-59257MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

  • CVE-2025-59244MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.01

    External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-59214MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.02

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-59185MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.01

    External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-58739MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-58729MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

  • CVE-2025-58717MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.01

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-55700MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.01

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-55225MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-54097MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-54096MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-54095MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-53809MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.

  • CVE-2025-53806MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-53798MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-53797MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-53796MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-47997MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

  • CVE-2025-55242MedSep 4, 2025
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.

Page 150 of 287